[jdev] XML Namespaces validation
Sergey Dobrov
binary at jrudevels.org
Sun Apr 17 11:15:30 UTC 2011
On 04/15/2011 04:14 AM, Tomasz Sterna wrote:
> Dnia 2011-04-15, pią o godzinie 03:34 +0700, Sergey Dobrov pisze:
>>> This has been known for quite some time:
>>> https://support.process-one.net/browse/EJAB-680
>>>
>>> I remember someone saying that not all servers are going to
>> implement
>>> such checks as it could hurt performance.
>>>
>> Thanks for the link. I see that bug is with low priority and I
>> understand that this check will be high cost performance. But I have
>> no idea how to prevent possible DoS attack to my services.
>
> Server accepting an invalid stream and happily routing it is low
> priority???
> This is some strange prioritization...
>
> This shouldn't be your component job to check whether your server is
> sending invalid XML. The server should drop the offending stream in the
> first place.
>
> You can always switch your XMPP server to one in which XML parsing does
> not "hurt performance". ;-)
>
>
I don't see good alternatives for ejabberd. I need good Pubsub/PEP
support, message archiving and other main features to be implemented and
server should have good scalability.
--
With best regards,
Sergey Dobrov,
XMPP Developer and JRuDevels.org founder.
More information about the JDev
mailing list